Why you should update your CMS

Don’t spoil the party!

We know how it is. You’ve paid for your shiny new website, your developer has handed you the keys (well, the login details) and you want to share it with the world and enjoy this pretty new worldwide window on your business. Then your developer mentions to you that it is important to make sure you apply security updates and maintain your website. Talk about a spoilsport! You don’t want to think about all that stuff, you want to get blogging and sharing, perhaps even taking orders through your new website.

So why update?

Here are some of the reasons why it is vital that you keep your site up to date. You can do this yourself, or Coppertops can take care of it for you and save you the time and hassle. Either way, please make sure to apply your updates!

So you see the notification in your WordPress dashboard telling you that your site or one of its plugins or themes needs you to apply an update. It is extremely easy to ignore these notifications. The Reuters website was hacked in 2012 because they hadn’t applied a core update to WordPress.

Let’s take a second to consider why exactly these updates are important, and why WordPress may be vulnerable. WordPress is an obvious target for attack: it is one of the most popular web platforms in the world, with around 700,000 websites recorded using the platform as of May 2012. In addition, many of its users are inexperienced in the world of the Internet, as it is also one of the easiest platforms to master. So for a hacker it is too tempting to try to find vulnerabilities in the code, as hacking WordPress would potentially allow access to so many websites around the world.

On the flip side of that, with so many websites, businesses and users now relying on WordPress, there is a lot of resource behind the effort to keep it safe. So more often than not vulnerabilities are picked up by the “good guys” and fixed before the “bad guys” ever get a chance to exploit them. The fixes that are developed for WordPress itself are made available to WordPress sites, and the fixes for plugins or themes are made available incredibly quickly to all sites with those plugins or themes installed. However, the fixes only solve the problem if the user installs them.

What else do I need to do to keep my website safe?

Don’t install plugins or themes from sources you are not sure that you can trust. Check out their reputation online before buying or downloading. A plugin or theme that contains malware can give a hacker access to your site.

Keep your logins safe. Use a password manager so you can set a truly secure password.

Don’t use your admin user to post on your site. Keep your username and display name different. Hackers will attempt to get in using the usernames that they can see exist on your website.

Install a good security plugin and configure it to keep your site as safe as possible.

Make it as difficult as possible for anybody to gain access to your site.

Why are these updates not automatically installed? Wouldn’t that be safer?

In terms of safety alone this would potentially be the ideal solution. The problem is that the developers of a fix don’t know the exact configuration of every single WordPress website around the world. They cannot possibly test every possible combination of plugins and themes. The WordPress repository has 20,000 plugins, and there are additional plugins available from other sources. So they provide the updates to users so that we can apply them manually in order to check that there aren’t any side effects.

Whenever you apply an update to WordPress or to a plugin or theme, it is vital that you check your site and make sure that it has not been impacted by the update.

What kind of attacks can happen?

Originally, hacking was about showing what you could do, and changing the information on websites was as much about declaring that you had succeeded in hacking the site as it was about any actual gain for the hacker.

Now, hackers are more interested in monetary gain from their exploits. There is substantial potential to “earn” from this activity as more and more online transactions are taking place.

In addition, hackers now spend almost all of their time looking for vulnerabilities. Once they have found a way in, they set up automated mechanisms to exploit it while they move on to finding the next way in.

The result is that the landscape is ever changing, and if the hackers’ techniques are changing so quickly, then website owners and developers must attempt to move even faster to stay ahead of their attempts.

What if I don’t have the time, or the inclination, for all of this website management?

That’s why we are here! We can take care of all of the updates on your site, testing each one as we apply them, so that you don’t have to. We check all of our sites for updates at least weekly and usually daily. Our update process is as follows: we check online to make sure there are no reported issues with an update, we apply the update, and we check each site individually to ensure that everything is in order.

In addition, we maintain regular backups of the websites that we manage, so we always have a way to restore the site if catastrophe occurs (this is extremely rare, but we must have been scouts in a former life as our motto is “be prepared”!).

We also check for broken links, run malware scans and keep uptime monitors on these websites.

We provide a weekly report to our clients showing them the work carried out on their site – updates, backups, etc.

All of this means that we usually pick up on issues with our clients’ websites, fix them and let them know what we’ve done before our client is even aware of the problem.

With my IT background and love of good design, I take pride in putting together highly professional websites that work well for their owners. My coding background lets me hook things together for effectiveness, efficiency and ease of use. My history with data management means I have a good understanding of search optimisation. I mainly use WordPress as a baseline to ensure all of these qualities, with customisations to suit.